Collaborate Disseminate
Apple has released emergency security updates for iOS/iPadOS, macOS, tvOS and visionOS that fix two zero-day vulnerabilities (CVE-2025-31200, CVE-2025-31201) that have been exploited “in an extremely sophisticated attack against specific targeted… Continue reading Apple plugs zero-day holes used in targeted iPhone attacks (CVE-2025-31200, CVE-2025-31201)
Google’s fixing of CVE-2025-2783, a Chrome zero-day vulnerability exploited by state-sponsored attackers, has spurred Firefox developers to check whether the browser might have a similar flaw – and they found it. There’s currently no … Continue reading Critical Firefox, Tor Browser sandbox escape flaw fixed (CVE-2025-2857)
CrushFTP has fixed a critical vulnerability (CVE-2025-2825) in its enterprise file transfer solution that could be exploited by remote, unauthenticated attackers to access vulnerable internet-facing servers (and likely the data stored on them). Attacke… Continue reading CrushFTP: Patch critical vulnerability ASAP! (CVE-2025-2825)
Qualcomm says it’s working with Google to ensure that Android device manufacturers will be able to provide security updates for 8 years.
The post Qualcomm Extends Security Support for Android Devices to 8 Years appeared first on SecurityWeek.
Continue reading Qualcomm Extends Security Support for Android Devices to 8 Years
Palo Alto Networks has fixed a high-severity authentication bypass vulnerability (CVE-2025-0108) in the management web interface of its next-gen firewalls, a proof-of-concept exploit (PoC) for which has been made public. “Palo Alto Networks is no… Continue reading PAN-OS authentication bypass hole plugged, PoC is public (CVE-2025-0108)
February 2025 Patch Tuesday is here, and Microsoft has delivered fixes for 56 vulnerabilities, including two zero-days – CVE-2025-21418 and CVE-2025-21391 – under active exploitation. CVE-2025-21418 and CVE-2025-21391 CVE-2025-21418 is a vu… Continue reading Microsoft fixes two actively exploited zero-days (CVE-2025-21418, CVE-2025-21391)
Users of iPhones and iPads that run iOS/iPadOS 18 and iPadOS 17 are urged to implement the latest updates to plug a security feature bypass vulnerability (CVE-2025-24200) exploited in the wild in “an extremely sophisticated” attack. The vul… Continue reading Apple fixes zero-day flaw exploited in “extremely sophisticated” attack (CVE-2025-24200)
There will be no patches for EOL Zyxel routers under attack via CVE-2024-40891, the company has confirmed. Meanwhile, Netgear has issued patches for critical flaws affecting its routers and wireless access points. Zyxel vulnerability: Exploited, no pat… Continue reading Swap EOL Zyxel routers, upgrade Netgear ones!
Apple has shipped a fix for a zero-day vulnerability (CVE-2025-24085) that is being leveraged by attackers against iPhone users. About CVE-2025-24085 CVE-2025-24085 is a use after free bug in CoreMedia, a framework used by Apple devices for the process… Continue reading Apple zero-day vulnerability exploited to target iPhone users (CVE-2025-24085)
5,000+ SonicWall firewalls are still vulnerable to attack via a high-severity vulnerability (CVE-2024-53704) that, according to SonicWall, should be considered “at imminent risk of exploitation”. The warning came last week from Bishop Fox r… Continue reading 5,000+ SonicWall firewalls still open to attack (CVE-2024-53704)